#!/bin/bash
##########################################################
# T-Pot install script #
# Ubuntu server 14.04, x64 #
# #
# v0.4 by av, DTAG 2015-06-15 #
# #
# based on T-Pot Community Edition Script #
# v0.47 by mo, DTAG, 2015-06-12 #
##########################################################
# Let's create a function for colorful output
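fuECHO () {
  # Print a highlighted (red) line, then switch the terminal back to white.
  #   $1 - the message, or an echo option such as "-n" when $2 holds the text
  #   $2 - the message when $1 carries an echo option (optional)
  # Output goes to stdout so it lands in t-pot-install.log once logging starts.
  local -r myRED=1
  local -r myWHT=7
  # Colour is best-effort: tput fails when TERM is unset or has no colour
  # capability, and that must not abort the installer once `set -e` is active.
  tput setaf "$myRED" 2>/dev/null || true
  if [[ $# -ge 2 ]]; then
    # Option-plus-text form. An empty $1 is dropped, as an unquoted expansion
    # would have done, so "fuECHO '' text" still prints just the text.
    echo ${1:+"$1"} "$2"
  else
    # Quoted so that runs of spaces and glob characters in the message
    # (e.g. "14.04.*") are printed verbatim instead of being split or expanded.
    echo "$1"
  fi
  tput setaf "$myWHT" 2>/dev/null || true
}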
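fuECHO ""
echo "
##########################################################
# T-Pot install script #
# for Ubuntu server 14.04, x64 #
##########################################################
Make sure the SSH login for your normal user is working!
"
# check for superuser
if [[ $EUID -ne 0 ]]; then
  fuECHO "### This script must be run as root. Do not run via sudo! Script will abort!"
  exit 1
fi
echo "Which user do you usually work with? This script is invoked by root, but what is your normal username?"
echo -n "Enter username: "
# -r keeps backslashes literal. The name is reused verbatim in file paths and
# in /etc/crontab further down, so it must be a plain, existing account name.
read -r myuser
# Make sure all the necessary prerequisites are met.
echo ""
echo "Checking prerequisites..."
# check if user exists — an exact account lookup. A substring grep of
# /etc/passwd would accept any name that merely occurs inside another entry
# (a one-letter name matches almost everything).
if [[ -z "$myuser" || "$myuser" == *[[:space:]/]* ]] || ! getent passwd "$myuser" >/dev/null; then
  fuECHO "### User '$myuser' not found. Script will abort!"
  exit 1
fi
# check if ssh daemon is running
sshstatus=$(service ssh status)
if [[ ! $sshstatus =~ "ssh start/running, process" ]]; then
  fuECHO "### SSH is not running. Script will abort!"
  exit 1
fi
# check for available, non-empty SSH key: at least one uncommented line that
# carries a public key of a type sshd accepts. The key type is not anchored to
# the line start because authorized_keys entries may begin with options
# (from=, command=, ...). Merely finding the substring "ssh" would also be
# satisfied by a comment such as "# my ssh key" — and since password logins
# are switched off later, a false positive here means being locked out.
# NOTE(review): the rest of the script assumes the home directory is
# /home/<user>; an account with a different home would fail later anyway.
authkeys="/home/$myuser/.ssh/authorized_keys"
if ! grep -v '^[[:space:]]*#' "$authkeys" 2>/dev/null \
   | grep -Eq '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+=*'; then
  fuECHO "### No SSH keys for user '$myuser' found. Script will abort!"
  exit 1
fi
# check for default SSH port. The port is moved later by a literal
# "Port 22" -> "Port 64295" substitution, so there must be exactly one active
# (uncommented) Port directive and it must be 22. Commented "#Port" lines and
# unrelated keywords containing "Port" must not count; a missing directive
# (sshd's default is also 22) would leave the later substitution a no-op.
sshport=$(grep -E '^[[:space:]]*Port[[:space:]]+' /etc/ssh/sshd_config | awk '{print $2}')
if [[ "$sshport" != "22" ]]; then
  fuECHO "### SSH port is not 22. Script will abort!"
  exit 1
fi
# check if pubkey authentication is active in the *effective* configuration.
# `sshd -T` prints the parsed config (lower-cased keywords) and fails on a
# syntactically broken sshd_config, so this also validates the file before it
# is edited. A plain substring grep would accept a commented-out line.
if ! /usr/sbin/sshd -T 2>/dev/null | grep -Eiq '^pubkeyauthentication[[:space:]]+yes$'; then
  fuECHO "### Public Key Authentication is disabled /etc/ssh/sshd_config. Enable it by changing PubkeyAuthentication to 'yes'."
  exit 1
fi
# check for ubuntu 14.04. distribution
if ! grep -Fq 'Ubuntu 14.04' /etc/issue; then
  fuECHO "### Wrong distribution. Must be Ubuntu 14.04.*. Script will abort! "
  exit 1
fi
# Let's make sure there is a warning if running for a second time.
# The logs this script writes are t-pot-install.log and t-pot-error.log, so
# check for those; install.log is kept for compatibility with older runs.
if [[ -f install.log || -f t-pot-install.log ]]; then
  fuECHO "### Running more than once may complicate things. Erase t-pot-install.log (or install.log) if you are really sure."
  exit 1
fi
echo "Everything looks OK..."
echo ""
clear
echo "##########################################################"
echo "# #"
echo "# How do you want to proceed? Enter '1' or '2'. #"
echo "# #"
echo "# 1 - Install T-Pot #"
echo "# Recommended resources: >=2GB RAM, >=40GB disk #"
echo "# Services: honeytrap, kippo, dionaea, glastopf, #"
echo "# suricata, kibana dashboard (ELK), EWS #"
echo "# #"
echo "# 2 - Install T-Pot's honeypots only. #"
echo "# No kibana dashboard (ELK), no suricata, but #"
echo "# fewer resources required. #"
echo "# Recommended resources: >=1GB RAM, >=30GB disk #"
echo "# Services: honeytrap, kippo, dionaea, glastopf, EWS #"
echo "# #"
echo "##########################################################"
echo ""
echo -n "Your choice: "
read -r choice
# The default arm rejects anything but '1' or '2'; the separate pre-check the
# script used to do made that arm unreachable.
case $choice in
  1)
    echo "You chose a full T-Pot installation. Great choice!"
    mode="normal"
    ;;
  2)
    echo "You chose to install T-Pot's honeypots only. Hold tight!"
    mode="hponly"
    ;;
  *)
    fuECHO "### You typed $choice, which I don't recognize. It's either '1' or '2'. Script will abort!"
    exit 1
    ;;
esac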
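# End checks
# Let's log for the beauty of it
set -e
exec 2> >(tee "t-pot-error.log")
exec > >(tee "t-pot-install.log")
# Let's modify the sources list
sed -i '/cdrom/d' /etc/apt/sources.list
# Let's add the docker repository
fuECHO "### Adding docker repository."
# NOTE(review): the signing key is fetched over plain HKP (port 80). The full
# 40-hex fingerprint names which key is wanted, but whether the gpg on this
# release refuses a key whose fingerprint differs from the one requested
# should be confirmed; fetching the key over HTTPS and importing it from a
# file would not depend on that.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
tee /etc/apt/sources.list.d/docker.list <<EOF
deb https://get.docker.io/ubuntu docker main
EOF
# Let's pull some updates
fuECHO "### Pulling Updates."
apt-get update -y
fuECHO "### Installing Updates."
apt-get dist-upgrade -y
# Let's install all the packages we need
fuECHO "### Installing packages."
apt-get install curl ethtool git ntp libpam-google-authenticator lxc-docker-1.6.2 vim -y
# getting t-pot git repo
fuECHO "### Cloning T-Pot Repository."
cwdir=$(pwd)
# NOTE(review): this clones whatever the branch head is at install time and
# the files it delivers are installed into /usr/bin and run as root. Pinning a
# tag or commit (git clone --branch <tag>, or checking out a known commit)
# would make the install reproducible and reviewable.
git clone https://github.com/dtag-dev-sec/tpotce.git
cp -R "$cwdir/tpotce/installer/" "$cwdir"
# ${cwdir:?} makes the shell abort instead of expanding to "/tpotce/" if the
# variable were ever empty.
rm -rf -- "${cwdir:?}/tpotce/"
rm -- "$cwdir/installer/install1.sh" "$cwdir/installer/install2.sh"
cwdir="$cwdir/installer/"
cd "$cwdir" || exit 1
# apply changes for "T-Pot's honeypot only"-install, no suricata and ELK
if [[ $mode == "hponly" ]]; then
  rm -- "$cwdir/upstart/elk.conf" "$cwdir/upstart/suricata.conf"
  # NOTE(review): these two edits run in sequence on the same file, so the
  # second one deletes what was originally line 7, not line 6. If lines 5 and
  # 6 of images.conf are the elk and suricata entries, a single '5,6d' is what
  # is meant — confirm against data/images.conf before changing.
  sed -i '5d' "$cwdir/data/images.conf"
  sed -i '6d' "$cwdir/data/images.conf"
fi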
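# Let's add a new user
fuECHO "### Adding new user."
addgroup --gid 2000 tpot
adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot
# Let's set the hostname
fuECHO "### Setting a new hostname."
myHOST="ce$(date +%s)$RANDOM"
hostnamectl set-hostname "$myHOST"
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts
# Let's patch sshd_config
fuECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
# Only the active directive is rewritten; a commented "#Port 22" is left alone.
sed -i 's|^Port 22[[:space:]]*$|Port 64295|' /etc/ssh/sshd_config
# Rewrite PasswordAuthentication whether it is currently commented out
# ("#PasswordAuthentication yes", the Ubuntu default) or explicitly set, and
# append it when absent: sshd's built-in default is "yes", so an untouched or
# missing line would leave password logins reachable on the new port. The
# previous substitution only matched the commented form.
if grep -Eq '^#?PasswordAuthentication[[:space:]]' /etc/ssh/sshd_config; then
  sed -i 's|^#\?PasswordAuthentication[[:space:]].*|PasswordAuthentication no|' /etc/ssh/sshd_config
else
  echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config
fi
# Refuse to go on (and to reboot) unless the edited file parses and the two
# directives are what sshd will actually apply: a broken sshd_config would
# lock us out of a box whose only login path is SSH on 64295.
if ! /usr/sbin/sshd -t \
   || ! /usr/sbin/sshd -T | grep -Eiq '^port 64295$' \
   || ! /usr/sbin/sshd -T | grep -Eiq '^passwordauthentication no$'; then
  fuECHO "### sshd_config could not be patched safely. Script will abort!"
  exit 1
fi
# Let's patch docker defaults, so we can run images as service
fuECHO "### Patching docker defaults."
tee -a /etc/default/docker <<EOF
DOCKER_OPTS="-r=false"
EOF
# Let's patch /etc/issue for t-pot autoinstall
sed -i '14,15d' "$cwdir/etc/issue"
echo "Container status is written to ~/docker-status" >> "$cwdir/etc/issue"
# Let's load docker images from remote
fuECHO "### Downloading docker images from DockerHub. Please be patient, this may take a while."
# NOTE(review): images are pulled by name only; pinning a tag or digest would
# make the deployed honeypot versions reproducible. Word-splitting of the
# file contents is intentional: the nightly cron job below reads it the same way.
for name in $(cat "$cwdir/data/images.conf"); do
  docker pull "dtagdevsec/$name"
done
# Let's add the daily update check with a weekly clean interval
fuECHO "### Modifying update checks."
tee /etc/apt/apt.conf.d/10periodic <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "7";
EOF
# Let's add some cronjobs
fuECHO "### Adding cronjobs."
# NOTE(review): the status job runs as root and writes with ">" into a file
# inside the admin user's own home directory. Should that account ever be
# compromised, a symlink planted at ~/docker-status would let root truncate
# whatever it points to (protected_symlinks only covers sticky world-writable
# directories). Acceptable while $myuser is the trusted administrator.
# NOTE(review): the 01:27 job pulls ":latest" from Docker Hub every night as
# root, i.e. the honeypot code updates itself unattended from the registry.
tee -a /etc/crontab <<EOF
# Determine running containers every 120s
*/2 * * * * root /usr/bin/status.sh > /home/$myuser/docker-status
# Check if containers and services are up
*/5 * * * * root /usr/bin/check.sh
# Check if updated images are available and download them
27 1 * * * root for i in \$(cat /data/images.conf); do /usr/bin/docker pull dtagdevsec/\$i:latest; done
# Restart docker service and containers
27 3 * * * root /usr/bin/dcres.sh
# Delete elastic indices older than 30 days
27 4 * * * root /usr/bin/docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete --older-than 30'
# Update IP and erase check.lock if it exists
27 15 * * * root /etc/rc.local
EOF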
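# Let's take care of some files and permissions.
# cp below does not preserve ownership, so these modes are what matters: the
# helper scripts end up root-owned and root-only executable in /usr/bin.
chmod 500 "$cwdir"/bin/*
chmod 600 "$cwdir"/data/*
chmod 644 "$cwdir/etc/issue"
chmod 755 "$cwdir/etc/rc.local"
chmod 700 "$cwdir"/home/*
chown "$myuser:$myuser" "$cwdir"/home/*
chmod 644 "$cwdir"/upstart/*
# Let's create some files and folders
fuECHO "### Creating some files and folders."
mkdir -p /data/ews/log /data/ews/conf /data/elk/data /data/elk/log
# Let's move some files
cp -R "$cwdir"/bin/* /usr/bin/
cp -R "$cwdir"/data/* /data/
cp -R "$cwdir/etc/issue" /etc/
cp -R "$cwdir"/home/* "/home/$myuser/"
cp -R "$cwdir"/upstart/* /etc/init/
# Let's take care of some files and permissions.
# Files: rw for tpot and its group only, nothing for others. Directories need
# the search (x) bit as well — a blanket "chmod 660 -R" strips it, after which
# nothing running as uid/gid 2000 can enter the /data subdirectories at all;
# only root (or a process with CAP_DAC_OVERRIDE) could.
find /data -type d -exec chmod 770 {} +
find /data -type f -exec chmod 660 {} +
chown -R tpot:tpot /data
# NOTE(review): cp above leaves the copied home files root-owned; only
# 2fa_enable.sh is handed back to the user here. Fine as long as home/ holds
# just the two helper scripts — confirm if more files are added there.
chown "$myuser:$myuser" "/home/$myuser/2fa_enable.sh"
# we already have ssh enabled. so we can remove this.
rm -- "/home/$myuser/ssh_enable.sh"
# Final steps
fuECHO "### Thanks for your patience. Now rebooting. Remember to login on SSH port 64295 next time!"
mv "$cwdir/etc/rc.local" /etc/rc.local
# ${cwdir:?} refuses to run if the variable is empty, so this can never
# degrade into removing the current directory tree wholesale.
rm -rf -- "${cwdir:?}"
sleep 2
reboot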